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The invention provides a method of authen- 
ticating to a user or customer a tennlnal, such 
as an automatic teller machine, in a transaction 
execution system. The terminal is authenticated 
(300,305,310.315) by a central host using cryp- 
tographic techniques, and a personal security 
phrase (PSP) is sent (370) from the host to the 
terminal. A message, incorporating the per- 
sonal security phrase, is communicated (380) to 
the customer by the temiinal, thereby indicating 
that the tenninal is legitimate. The temninal is 
authenticated to the customer prior to his enter- 
ing (390) any secret or confidential information, 
such as a personal identification number, into 
the terminal. 
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FIELD OF THE INVENTION 

The present invention relates generally to trans- 
action execution systems. More particularly, the 
present invention relates to authenticating to a user 5 
components of a transaction execution system hav- 
ing a central host in communication with remote ter- 
minals which permit the execution of transactions 
such as the issuance of cash or the transfer of funds 
between accounts. ,0 

BACKGROUND OF THE INVENTION 

Use of transaction terminals such as automatic 
teller machines (ATMs) which are operable at all 15 
hours has been widely accepted to satisfy needs for 
dispensing cash and performing other financial trans- 

_„actions.at unmanned locations. The convenience of 

ATMs has made them extremely popular with the gen- 
eral public. Furthermore, owners of retail merchand- 20 
ise stores have found that the on-premise location of 
an ATM attracts customers into the retail location, 
which in turn increases the number of cash purchases 
by customers. As a result, ATMs are often located at 
locations remote from the associated financial insti- 25 
tutions, such as banks. Such a distributed system of 
ATMs or other transaction terminals poses several in- 
tricate security problems. 

The financial industry is particularly concerned 
about these security issues. For example, electronic 30 
funds transfer (EFT) systems that employ ATMs typ- 
ically do not require the user's signature, which may 
be forged easily, on an instrument in order to perform 
a transaction. Rather, the user's secret personal iden- 
tification number (PIN) and plastic bank card or trans- 35 
action card serve the purpose of identifying and ver- 
ifying the user to the EFT system. The PIN may be, 
for example, a four-digit number. Typically, after the 
user inserts his bank card into a slot in the ATM, the 
ATM prompts the user for his PIN. The user then en- 40 
ters his PIN into a keyboard associated with the ATM, 
which then compares the PIN with information stored 
in a database connected to the ATM. The transaction 
is allowed to proceed only if the comparison indicates 
that the proper PIN was entered. 45 

Several security issues have arisen in connection 
with unauthorized persons obtaining the PIN and 
other account information of a legitimate customer. 
This situation is of particular concern because the un- 
authorized person can then gain access to the infor- so 
mation stored in the private accounts of the legitimate 
customer as well as access to any funds stored in 
such accounts. In response to these concerns, the fi- 
nancial industry has employed various techniques to 
counter unauthorized uses of PIN numbers and bank 55 
cards. For example, it is known to use cryptographic 
operations in order to encode the PIN once the user 
has entered it into the keyboard associated with the 



ATM. Such techniques help prevent unauthorized 
persons from monitoring messages transmitted over 
network links and thereby obtaining PIN information. 

Recently, highly sophisticated techniques have 
been used by unauthorized persons in order to obtain 
PIN and other account information. One such techni- 
que includes deploying a bogus ATM in a shopping 
mall or other public location. The bogus machine does 
not dispense cash when a customer inserts his bank 
or transaction card and enters his PIN. The machine 
does, however, retain and record the card account 
number and PIN which the customer entered in a vain 
attempt to make the machine dispense cash. The re- 
corded information can then be used to create bogus 
plastic cards that simulate the action of the real bank 
cards. Together with the PINs recorded by the bogus 
machine, these cards can be used at legitimate ATMs 
- to transfer or withdraw,-for example; funds stored in 
other persons' bank accounts. 

Schemes such as the one outlined above clearly 
indicate the need for a method of authenticating the 
ATM or other transaction terminal to a user or custom- 
er prior to his providing any secret or confidential in- 
fomiation to the ATM or other transaction terminal. 

Methods for authenticating hardware compo- 
nents to one another in a communication system by 
using cryptographic techniques are known in the art. 
U.S Patent 4,799,061, "Secure Component Authenti- 
cation System." issued to Abraham et al„ for example, 
discloses one such method. These methods, how- 
ever, do not provide for authenticating the compo- 
nents to a user or customer. 

The problem of authenticating to a user a terminal 
that requires the user to enter confidential information 
has been previously recognized. One solution sug- 
gested in some references is to provide the user with 
a separate, personalized, portable terminal device. 
U.S. Patent No. 4,529,870, "Cryptographic Identifica- 
tion, Financial Transactions, and Credential Device," 
for example, provides a cryptographic apparatus 
which may be utilized by its owner to identify himself 
to an external computer system, to perfonn various fi- 
nancial transactions with an external system, and to 
provide various kinds of credentials to an external 
system. In one embodiment, the apparatus is separ- 
able into a cryptographic device and a personal ter- 
minal device. The owner of the apparatus presumably 
has greater control over the personal terminal device, 
thereby making it less likely that confidential data 
would be improperly retained by a terminal such as a 
merchant's point of sale terminal. Such devices, how- 
ever, require that additional hardware be incorporated 
into the card-like device and may require additional 
changes so that the device and other system compo- 
nents can communicate. 
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SUMMARY OF THE INVENTION 

The present invention provides a method of au- 
thenticating to a user components of a transaction 
execution system having a central host in communi- 
cation with remote terminals which permit the execu- 
tion of transactions such as the issuance of cash or 
the inter-account transfer of funds. The method of the 
present invention includes the steps of receiving ac- 
count information in a terminal; contacting through a 
communication line a host associated with an institu- 
tion that issued said account information: sending at 
least a portion of said account information from said 
terminal to said host; sending a personal security 
phrase, con-esponding to said account, from said host 
to said terminal; and communicating to said user at 
said terminal a message incorporating said personal 
security phrase, where the aforementioned steps oc- 
cur prior to said user's entering any secret or confi- 
dential infonrtation into said terminal. 

Additional features and advantages of the pres- 
ent invention will be apparent by reference to the fol- 
lowing detailed description and accompanying draw- 
ings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 is a block diagram showing an exemplary 
transaction execution system in which the present in- 
vention is particularly advantageous. 

FIG. 2 shows an exemplary database entry ac- 
cording to the method of the present invention. 

FIG. 3 is a flow chart showing the steps of an au- 
thentication process according to the method of the 
present invention. 

FIG. 4 is a flow chart showing the steps of a pre- 
ferred embodiment for authenticating a terminal and 
host to one another in accordance with the present in- 
vention. 

FIG. 5 is a flow chart showing the steps of a pre- 
ferred embodiment for exchanging communications 
between a terminal and host in accordance with the 
present invention. 

DETAILED DESCRIPTION 

FIG. 1 illustrates an exemplary transaction exe- 
cution system in which the present invention is partic- 
ularly advantageous. Institution 1 is, for example, a fi- 
nancial institution such as a bank. The bank 1 in- 
cludes a host 2 which has a database 3 and a proc- 
essor 4. The processor 4 has encryption logic 5, de- 
cryption logic 6, and a comparator 7. The host 2 also 
includes a random number generator 8. Terminal 10 
is. for example, one of a plurality of geographically 
dispersed automatic teller machines (ATMs) connect- 
ed to the bank's host 2 by communication line 9 which 
may be. for example, a telephone line. The ATM 10 



has a slot 12 for accepting and returning a bank card 
inserted by a customer as well as means 14 for read- 
ing information stored on the card. The reading 
means 14 is coupled to a processor 16 which includes 
5 encryption logic 17. decryption logic 18 and a com- 
parator 19. A random number generator 25 is also 
connected to the processor 16. The ATM 10 also has 
means for storing information or data 20 connected to 
the processor 16. In addition, the ATM 10 has a key- 
to board 21 and a presentation module 22 which are 
coupled to the processor 16. The presentation mod- 
ule 22 may be. for example, a display screen, which 
may include means for displaying a still image or a se- 
quence of images, such as a video screen with a vid- 
15 eo card. The presentation module 22 may also in- 
clude means for communicating voice or sound, such 
as a loudspeaker with a speech card. Finally, the ATM 
10 has a second slot 24, also connected to the proc- 
essor 16, for dispensing cash. Additional terminals, 
20 not shown in FIG. 1, also may be connected to the 
bank's host 2. 

When a new terminal, such as the ATM 10. is 
brought on-line as part of the transaction execution 
system of FIG. 1, the bank 1 assigns it a serial num- 
25 ber. S, and an encryption key, K. The serial number, 
S, may be, for example, a ten-digit number or a num- 
ber of some other suitable length. The encryption key 
K is one that can be used in a secure encryption 
scheme. K may be. for example, a 56-bit Data Encryp- 
30 tion Standard (DES) key for use in a cryptosystem 
such as the one described in ''Data Encryption Stan- 
dards." FIPS Pub. 46, National Bureau of Standards. 
(Jan. 1977). This article and ail other articles and pa- 
tents referred to herein are incorporated by reference. 
35 The serial number and encryption key are stored both 
in the ATM's storage means 20 and in the bank's host 
2, 

When a customer at the bank 1 registers to obtain 
an account, he is assigned an account number. The 
40 bank 1 typically provides the customer with a plastic 
transaction or bank card which has a magnetic strip 
containing pertinent account information. This infor- 
mation typically includes a number identifying the 
bank that issued the card, the customer's account 
45 number, and the customer's name. It may. however, 
include other information as well. (The transaction 
card also may be a smart card, for example, such as 
the one described in U.S. Patent No. 4,795.898.) The 
customer then chooses or is assigned a personal 
50 identification number (PIN), which may be, for exam- 
ple, a four-digit number The PIN generally is meant 
to be kept confidential and not communicated to per- 
sons who do not have authority to use the card. In ac- 
cordance with the method of the present invention, 
55 the customer also chooses or is assigned a personal 
security phrase (PSP). The personal security phrase 
may be any combination of words or alpha-numeric 
characters whose total length is not greater than a 
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pre-determined length, but preferably it is a phrase 
which is relatively easy for the particular customer to 
remember or recognize. The PSP is not limited, how- 
ever, to alpha-numeric characters. It may also be a 
still image or sequence of images that can be trans- 5 
mitted electronically. Similarly, the PSP may be in the 
form of recorded speech or sound. As with a PSP that 
takes the form of some combination of alpha-numeric 
characters, a video or audio PSP is preferably rela- 
tively easy for the customer to remember or recog- io 
nize. The PSP then is entered by employees of the 
bank 1 into the host 2 along with other account infor- 
mation, including the customer's name, the custom- 
er's account number, and the customer's PIN. Typi- 
cally, the PIN itself is not stored in the host 2, but rath- is 
er an encryption or hashed version of the PIN is stor- 
ed by using, for example, a one-way function. Such 
one-way functions are well-known in-the art-and are - - 
described in A. Evans et al.. "A User Authentication 
Scheme Not Requiring Secrecy in the Computer,** 20 
Comm. ACM, vol. 17, No. 8. pp. 437-442 (1974). The 
PSP need not be stored in an encrypted form, al- 
though it may be stored in an encrypted form. 

FIG. 2 shows an exemplary entry 200 in the 
bank's database 3. Assume, for the purpose of illus- 25 
tratlon, that the customer's name is Mr. David B. 
Smith, his account number is "XY2", his PIN is "1 234". 
and his PSP is "Charity begins at home." The bank's 
database 3 would then contain the following entry 
200: "name = Mr. David B. Smith, account = XYZ. PIN 30 
= OW(1234), PSP = Charity begins at home" as 
shown in FIG. 2. *'OW(1234)" is the encrypted form of 
the PIN using a specified one-way function. 

FIG. 3 is a flowchart of an authentication process 
according to the method of the present invention. 35 
When a customer, for example Mr. David B. Smith, 
wishes to perform a financial transaction using a ter- 
minal, such as the ATM 10, he inserts his bank card 
into the slot 12 in the ATM 10 as shown in step 300. 
The ATM reads the account information from the card 40 
in step 305. As indicated above, this information typ- 
ically would include the customer's name. David B. 
Smith, and the account number, XYZ. Of course, in 
some transaction execution systems, the customer 
might enter the account information into the terminal 45 
manually rather than by inserting a machine readable 
card into the terminal. Next, in step 310, the ATM 10 
contacts the bank's host 2 over communication line 9. 
The ATM 10 and the bank's host 2 engage in a two- 
way challenge-response, d iscussed more fully below, so 
in step 315. More specifically, the ATM 10 authenti- 
cates itself to the bank's host 2 in step 320 to ensure 
that it is legitimate. The bank's host 2 authenticates 
itself to the ATM 1 0 in step 340 to ensure that the ATM 
10 has contacted a legitimate bank. 55 

The two-way challenge-response that takes 
place between the ATM and the bank's host is not lim- 
ited to any particular form so long as each can authen- 



ticate itself to the other. Methods for authenticating 
components in a communication system are known in 
the art In one embodiment of the invention, the au- 
thentication scheme uses cryptographic techniques 
to determine whether each has the proper key. In par- 
ticular, each component verifies that the other holds 
an identical encryption key. One such authentication 
scheme is disclosed in U.S. Patent 4,799,061, refer- 
red to above. A preferred embodiment for verifying 
the identity of the keys held by a bank's host and stor- 
ed in an ATM is shown in FIG. 4. For the purpose of 
illustration, it is assumed that the terminal and bank 
attempting to verify one another are the ATM 10 and 
the host 2, respectively. Furthermore, for the purpose 
of illustration, it is assumed that the host has an en- 
cryption key K1 , and the ATM has an encryption key 
K2. Of course, if the bank and the ATM are legitimate, 
-then the two keys, K1 and K2;-are identical, and they 
are. by definition, identical to the key K. 

Referring to FIG. 4, the ATM 10 sends its serial 
numbers to the bank's host 2. as shown in step 321. 
This information is not sent in encrypted form. Next, 
the host 2 generates a first random number Ca using 
the random number generator 8 in step 322. The host 
2 then sends the random number Ca to the ATM 1 0 in 
step 323. Again, this information need not be sent in 
encrypted form. In step 325, the ATM 10 computes eK2 
(S, Ca, 0), the encryption of S, Ca and a first direction 
code, using its key K2 and the encryption logic 17. Al- 
though the direction code is shown as a direction bit 
"0", other direction codes may be used as well. The 
ATM 10 also generates a second random number CB 
using the random number generator 25 in step 326. 
Next, the ATM 10 sends Cb and its encryption of S, 
Ca and the first direction code to the host 2 as shown 
in step 327. In step 330, which can occur either prior 
to the steps 325-327, concurrent with the steps 325- 
327, or subsequent to the steps 325-327, the host 2 
computes Bki (S, Ca, 0), the encryption of S, Ca and 
the first direction code, using its key K1 and the en- 
cryption logic 5. Then, subsequent to the steps 327 
and 330, the host 2 compares in comparator 7 its en- 
cryption of S, Ca and the direction code to the ATM's 
encryption of the same information as shown in step 
331. If the encrypted values are not equal, then, in 
step 332. the host 2 disconnects the communication 
line that was established with the ATM 10. Also, as 
shown in step 335, the host 2 alerts a system operator 
of the possibility of an illegitimate terminal connected 
to the transaction execution system. On the other 
hand, if the host 2 verifies that the encrypted values 
are equal, then the ATM 10 is authenticated as shown 
in step 336. In step 345, the host 2 proceeds to com- 
pute eKi (S, Cb, 1 ). the encryption of S, Cb, and a sec- 
ond direction code, different from the first direction 
code, using its key K1 and the encryption logic 5. The 
host 2 then sends its encryption of S, Cb, and the sec- 
ond direction code to the ATM 10 in step 347. In step 
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350. which can occur either prior to the steps 345 and 
347. concurrent with those steps, or subsequent to 
those steps, the ATM 10 computes eK2(S. Cq, 1). the 
encryption of S, Cb and the second direction code, us- 
ing its key K2 and the encryption logic 17, The ATM 5 
10 then compares, using the comparator 19. its en- 
cryption of S, Cb, and the second direction code to the 
host's encryption of the same information as shown 
in step 351. If the encrypted values are not equal, 
then, in step 352. the ATM 10 disconnects the com- io 
munication line that was established with the host 2. 
The ATM 10 then displays, on the presentation mod- 
ule 22, an error message, as shown in step 353, and 
returns the customer's card through slot 12, as shown 
in step 354. Also, in step 335, the ATM 1 0 alerts a sys- is 
tem operator of the possibility of an illegitimate host 
connected to the transaction execution system. On 
the other hand, if the ATM verifies that the encrypted 
values are equal, then the host 2 is authenticated as 
shown in step 356. The step 356 completes the two- 20 
way challenge-response between the bank's host 2 
and the ATM 10. As indicated in the step 359, the 
method of the present invention continues in step 360 
of FIG. 3. 

It should be noted that variations in the aforemen- 25 
tioned two-way challenge-response can be made. 
For example, in place of steps 330-331, the host 2 
would decrypt, using its key K1 and decrypt logic 6. 
the encrypted information received from the ATM 10 
in step 327 and verify that S, Ca, and the first direction 30 
code are retrieved. If they are retrieved, then the ATM 
would be authenticated as in step 336, Similar modi- 
fications, can be made to the steps 350-351 . Specif- 
ically, the ATM 10 would decrypt, using its key K2 and 
decrypt logic 18, the encrypted information received 35 
from the host 2 in step 347 and verify that S, Cq, and 
the second direction code are retrieved. If they are re- 
trieved, then the host 2 would be authenticated as in 
step 356. 

Referring again to FIG, 3, the ATM l O'sends the 40 
account information to the bank's host 2 in step 360. 
The host 2 retrieves from the database 3 the infomna* 
tion contained in the entry 200 corresponding to the 
customer's account and sends to the ATM 10 the cus- 
tomer's PSP, "Charity begins at home" in step 370. 45 
The customer's PIN, encrypted with the one-way 
function, also can be sent to the ATM 10 at this time 
for use as explained below. The ATM 10 then authen- 
ticates itself to the customer in step 380 by commu- 
nicating a message incorporating the customer's so 
PSP. For example, the ATM 10 would display, on the 
presentation module 22, the following message: 
"Good morning Mr. Smith. Your Personal Security 
Phrase is 'Charity begins at home.' If this is correct, 
please enter your four-digit personal identification 55 
number." Only if the customer, Mr. Smith, recognizes 
the PSP as his own would he enter his PIN on the key- 
board 21 in step 390. If the PSP is in the form of a still 



image or sequence of images, then a similar mes- 
sage would be communicated to the customer with 
the alpha-numeric PSP replaced by the video PSP. 
Similarly, if the PSP is in the fonm of recorded speech 
or sound, then a similar message would be commu- 
nicated to the customer with the alpha-numeric PSP 
replaced by the audio PSP communicated audibly 
through the presentation module 22, 

In a preferred embodiment, once the ATM 10 and 
host 2 have authenticated each other, all subsequent 
communications between them are sent in an en- 
crypted form in order to secure their communications. 
The ATM 1 0 and the host 2 can. for example, continue 
using the shared key K. Alternatively, they can nego- 
tiate a session key or secure the line 9 by some other 
mechanism according to well-known methods in the 
art. 

For the purpose of illustration, it will be assumed 
that the ATM 1 0 and the host 2 continue using the key 
K. A transaction identifier is also included in order to 
avoid reply attacks by unauthorized users. The trans- 
action identifier may be. for example, one of the ran- 
dom numbers generated in the step 322 or the step 
326. Alternatively, some other suitable transaction 
identifier may be used. For the purpose of illustration, 
it will be assumed that the random number Ca is used 
as the transaction identifier. 

According to the preferred embodiment as shown 
in FIG. 5, the ATM 10 encrypts the account informa- 
tion, including the customer's name and the account 
number, and the random number Ca using encrypt 
logic 17 and the key K as shown in step 501 and sends 
this information to the host 2 in step 503. Upon receiv- 
ing the encrypted form of the account information, the 
host 2 decrypts the information using decrypt logic 6 
and the shared key K in step 505, In FIG. 5, the term 
eK"^ represents a decryption using the shared key K. 
Then, in step 507, the host 2 retrieves from the data- 
base 3 the information contained in the entry 200 cor- 
responding to the customer's account. In step 509, 
the host 2 encrypts the customer's PSP and Ca using 
encrypt logic 5 and the shared key K, The host 2 then 
sends this encrypted information to the ATM 10 as 
shown in step 511. Upon receiving this information, 
the ATM 10 decrypts it using decrypt logic 18 in step 
513. The method of the invention proceeds as before 
as shown in steps 380 and 390, which, for conve- 
nience, are replicated in FIG. 5 as steps 515 and 516. 
Again, only after the ATM 10 has authenticated itself 
to the customer by communicating the customer's 
PSP to him would the customer enter his PIN on the 
keyboard 21. 

Once the customer has entered his PIN. the ATM 
10 processes the PIN according to any one of the 
standard methods known in the art to authenticate a 
user. For example, the ATM 1 0 would send the PIN in 
encrypted form to the host 2. The host would then ver- 
ify that a valid PIN was entered and instruct the ATM 
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to permit the transaction to proceed. Alternatively, 
when a new terminal, such as terminal 10, is brought 
on-line, the bank 1 may also store in it the one-way 
function. In such a situation, the PIN, encrypted with 
the one-way function, would be sent to the ATM 10 
along with the customer's PSP in the step 370 in FIG. 
3 or in the step 511 in FIG. 5. Once the customer en- 
ters his PIN in the step 390 in FIG. 3 or in the step 516 
in FIG. 5, the ATM 10 would encrypt it using the built- 
in one-way function and compare the result with the 
value received from the bank's host. If they are iden- 
tical, the ATM 10 permits the transaction to proceed. 

Although the invention has been described in 
terms of one bank which issues its own banks cards 
for use with a plurality of ATMs connected to the 
bank's host, the invention also may be used In an in- 
terchange system in which a plurality of banks agree 
.to.honor, in their own.respective ATMs, cards issued 
by the other banks. Similarly, although the present in- 
vention has been described in terms of ATMs, it also 
can be used with other types of terminals, such as a 
merchant's point of sale terminal, which require a cus- 
tomer or user to enter confidential information. This 
and other alternative applications of the present in- 
vention will readily be clear to those of ordinary skill 
in the art. The present invention is, therefore, limited 
only by the appended claims. 



Claims 

1. A method of authenticating a terminal in a trans- 
action execution system to a user, said method 
comprising the steps of: 

receiving account information in said ter- 
minal; 

contacting through a communication line a 
host associated with an Institution that issued 
said account information; 

sending at least a portion of said account 
information from said terminal to said host; 

sending a personal security phrase, corre- 
sponding to said account, from said host to said 
terminal; and 

communicating to said user at said termi- 
nal a message incorporating said personal secur- 
ity phrase, where the aforementioned steps oc- 
cur prior to said user's entering any secret or con- 
fidential information into said terminal. 

2. The method of claim 1 further including the step 
of authenticating said terminal to said host, where 
the step of authenticating said terminal occurs 
prior to the step of sending a personal security 
phrase from said host to said terminal. 

3. The method of claim 1 or 2 wherein the step of 
communicating a message incorporating said 



personal security phrase includes the step of dis- 
playing said personal security phrase on a pre- 
sentation module connected to said terminal. 

5 4. The method of claim 3 wherein the step of send- 
ing a personal security phrase includes the step 
of sending a personal security phrase having the 
form of a plurality of alpha-numeric characters. 

10 5. The method of claim 4 wherein the step of send- 
ing a personal security phrase further includes 
the step of sending a personal security phrase 
having the form of a plurality of words. 

15 6. The method of claim 3 wherein the step of send- 
ing a personal security phrase includes the step 
of sending a personal security phrase having the 
form of a video-image: - - - - - . 

20 7. The method of claim 3 wherein the step of send- 
ing a personal security phrase includes the step 
of sending a personal security phrase having the 
form of a sequence of video images. 

25 8. The method of claim 1 or 2 wherein 

the step of sending a personal security 
phrase includes the step of sending a personal 
security phrase having the form of recorded 
sound; and 

30 the step of communicating a message in- 

corporating said personal security phrase in- 
cludes the step of audibly communicating said 
personal security phrase through a presentation 
module connected to said terminal. 

35 

9. The method of claim 2 further including the step 
of authenticating said host to said terminal, where 
the step of authenticating said host occurs prior 
to the step of sending account information from 

40 said temiinal to said host. 

10. The method of claim 1 or 9 wherein said terminal 
is an automatic teller machine. 

45 11. The method of claim 10 wherein the aforemen- 
tioned steps occur prior to said user's entering a 
personal identification number into said automat- 
ic teller machine. 

50 12. The method of claim 10 or 11 wherein the step of 
communicating a message incorporating said 
personal security phrase further includes the 
step of instructing said user to enter his personal 
identification number into said automatic teller 

55 machine only if said user recognizes said person- 

al security phrase as his own. 

13. The method of claim 12 wherein the step of au- 
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thenticating said automatic teller machine to said 
host includes the steps of: 

sending a serial number associated with 
said automatic teller machine to said host; 

generating a first random number in said 5 

host; 

sending said first random number from 
said host to said automatic teller machine; 

computing in said automatic teller ma- 
chine an encryption of said serial number, said io 
first random number, and a first direction code, 
using a first secure key stored in said automatic 
teller machine; 

sending said encryption of said serial 
number, said first random number, and said first is 
direction code, using said first secure key. from 
said automatic teller machine to said host; 

computing in said host an encryption of 
said serial number, said first random number, and 
said first direction code using a second secure 20 
key stored in said host; 

comparing in said host said encryption of 
said serial number, said first random number, and 
said first direction code, computed using said 
first key. to said encryption of said serial number, 25 
said first random number, and said first direction 
code, computed using said second key; and 

verifying in said host that said encryption 
of said serial number, said first random number, 
and said first direction code, computed using said 30 
first key, and said encryption of said serial num- 
ber, said first random number, and said first direc- 
tion code, computed using said second key, are 
equal. 

35 

14. The method of claim 13 wherein the step of au- 
thenticating said host to said automatic teller ma- 
chine includes the steps of: 

generating a second random number in 
said automatic teller machine; 40 

sending said second random number from 
said automatic teller machine to said host; 

computing in said host an encryption of 
said serial number, said second random number, 
and a second direction code different from said 45 
first direction code, using said first key; 

sending said encryption of said serial 
number, said second random number, and said 
second direction code, using said first key, from 
said host to said automatic teller machine; 50 



55 
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